I had an idea, two weeks, and some idea of where to start the code. What I didn’t have was a guarantee that this idea would even be feasible. However, I really didn’t have any other options, so I took my chances and devoted my full time to fleshing out my idea. After stumbling over a few roadblocks, I began to see that my idea was indeed working, in some ways better than I had expected. I also saw about 15 different ways that I could make it even better, but I knew I didn’t have time for most of them. That’s not a problem, since I knew if I delivered on this project, I would have the opportunity to continue to work on it once the school year started. So, I kept going on what I had, and finished the code during the hurricane (the threat of losing power was a good motivator). Now, I’m rushing to finish the paper in time for the deadline, and setting up a schedule to improve upon my initial results with my advisor. It was a bit crazy at times, but the seven weeks I spend on this project were seven weeks well spent.
Now, it’s a long way from conceptualizing a flaw to writing the code that actively exploits it. My first step was to write some code that did something harmless, but would function as the basis for my exploit. This would serve two purposes, the first being to familiarize myself with the Android API, and secondly to get me some information that I needed for the exploit. As it is with any new domain, the first 100 lines of code took much longer than the next 500. By the middle of week 4, I had most of the information I needed to move on, when I hit a snag. I realized that in order to execute the second part of my idea, I would need the source code to some popular applications.
I was at a loss for what to do, and this led to the rest of my last week before taking a break to be a bit unproductive. I began searching for a new idea, but I wasn’t coming up with much. It seemed like a lost cause at the time. After all, I had roughly two weeks to do what I hadn’t finished in five. The rest of the story will be in my final post, but the background knowledge that I had built up in the first couple weeks ended up saving me in the last two.